Twitter LinkedIn
Steven J. Fox


  • University of Maryland School of Law (J.D., 1974)
  • University of Maryland (B.A., with Honors, 1971)

Bar Memberships

  • District of Columbia
  • Maryland


  • HIMSS (Advisory Board Member, 2006-2008)
  • HIMSS Privacy & Security Steering Committee (2009-2011)
  • HIMSS Legal Task Force (2012-Present)
  • Legal, Privacy & Security Committee of the Pennsylvania eHealth Collaborative (2011)
  • Pennsylvania eHealth Initiative (Board of Directors and Chair of the Policy Committee, (2007-Present)
  • American Health Lawyers Association
  • Maryland HIMSS (Board of Directors)

Steven J. Fox


Chair, Information Technology and Co-Chair, Information Privacy & Security Practice Groups

Washington, D.C.

(202) 661-6940

(202) 661-6975 Fax

Steven J. Fox is a Principal in the Firm's Business Law & Litigation Department, Chair of the Firm’s Information Technology Practice Group, and Co-Chair of its Information Privacy & Security Practice Group. Mr. Fox is an acknowledged and well-known national authority on legal issues regarding information technology, data privacy, and healthcare information technology. Since 1990, he has been assisting clients with legal issues and strategic counseling involving technology, healthcare information systems, data privacy matters, healthcare regulatory compliance, and e-commerce. In particular, he has significant experience in the development, acquisition, negotiation, transfer and licensing of complex information systems; Health Information Exchanges (HIEs); Regional Health Information Organizations (RHIOs); networks and software; outsourcing transactions; acquisition and implementation of Electronic Health Records (EHRs); data privacy protection, including Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance; Internet and technology-use policies; consulting/services agreements; and corporate, contractual and intellectual property matters. Additionally, Mr. Fox advises client companies in the hospitality industry, including hotels and restaurants, on the legal issues involved in data privacy and management and information systems.

Mr. Fox has been working with and advising clients on navigating the complexities of the American Recovery and Reinvestment Act of 2009 (ARRA) in order to obtain the EHR incentives and comply with the updated HIPAA provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act. He also continues to advise clients on the legal implications of establishing and maintaining HIEs and RHIOs, including the impact of privacy and security issues and Stark and Anti-Kickback regulations on the donation, adoption and sharing of EHRs.

Mr. Fox is co-author of "Guide to Establishing a Regional Health Information Organization," which was published in February 2007 by the Healthcare Information and Management Systems Society (HIMSS). He also is a co-author of "Guide to Medical Privacy and HIPAA," published by Thompson Publishing Group in 2002. Between 2000 and 2006, Mr. Fox authored a regular "Q&A" column about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

Mr. Fox served on the HIMSS Board of Directors from 2006 to 2008, and continues to serve as a member of the HIMSS Legal Task Force and on the Board of the Maryland chapter of HIMSS. He also chairs the Policy Committee and serves as an elected Board member of the Pennsylvania e-Health Initiative. In 2011, Mr. Fox served (at the request of the Governor's Office) on the Legal, Privacy & Security Committee of the Pennsylvania eHealth Collaborative (2011), to help develop underlying criteria for policies and procedures for Pennsylvania's health information exchange network. In September 2012, he was retained by the Maryland Health Care Commission to advise them regarding the drafting of Health Information Exchange (HIE) regulations for the State of Maryland. 

Mr. Fox is a frequent national speaker and author on issues involving technology and healthcare information. He recently presented or published articles regarding "meaningful use" regulations, data privacy compliance in the post-ARRA environment, and negotiating contracts for vendor-financed EHR systems.